Overview

As the only advanced treatment hospital within Fukui prefecture, University of Fukui Hospital provides sophisticated medical services, and engages in the research and development of cutting-edge medical care. As a community-based hospital, it also makes efforts in hospital-clinic cooperation, which includes receiving patients who have been referred there by local hospitals and clinics.

Using virtualization technology, the hospital has constructed a hospital information system (HIS) that includes electronic health records. “Our objective is to make work easier and reduce costs. We have built a structure for performing duties with thin clients,” says Yoshinori Yamashita, an associate professor at University of Fukui Hospital.

There is also sufficient investment in security measures.

The hospital has established multi-layered countermeasures through “entry-and-exitpoint security”, such as email and web filtering, endpoint security for clients and servers, and “internal security”, which monitors malicious behavior within the network, with Trend Micro products.

Challenges

However, attack techniques have changed significantly in recent years, and conventional security measures are now no longer enough.

“There are rising numbers of targeted email attacks, which take advantage of the assumptions and mistakes of people operating computers, leading them to open attachments and links. There are many attacks using “unknown” techniques, making them difficult to prevent using conventional signature-type products,” Yamashita explains. Constant network monitoring is essential in order to prevent damage, which increases the administrators’ workloads day by day. There are also risks that are unique to the ICT environment of University of Fukui Hospital.

A thin client can access both HIS and the information system connected to the internet. As a result, there is a possibility of threats from the internet infiltrating HIS. Now that medical devices, such as scan and examination equipment, have network connections, the intrusion of malware into HIS carries the potential to interrupt medical services. This kind of event must be avoided at all costs.

"The new setup is rated highly due to its automated security. "

Yoshinori Yamashita,University of Fukui Hospital

Why Trend Micro

An investigation resulted in University of Fukui Hospital adopting Trend Micro Connected Threat Defense (CTD), as a solution concept.

A custom sandbox analyzes unknown threats detected by multiple layers of Trend Micro security products. Then, Trend Micro™ Control Manager™, an integrated management product, automatically sends threat information regarding analysis results in a custom sandbox, such as files, IP addresses, and URLs, to security products, and the threats are then blocked and isolated.* This helps to minimize damage should a threat infiltrate the system.

“The solution not only provides a defense against unknown threats. Initial responses, which had to be carried out manually in the past, can now be automated, which allows an immediate response and also lightens the workload of administrators. Being able to effectively utilize products that have already been deployed also attracted us to this solution,” says Yamashita.

*Only compatible with OfficeScan as of June 2016. Other products are scheduled for compatibility.

Solution

The hospital realized CTD by deploying the custom sandbox, Trend Micro™ Deep Discovery™ Analyzer in the existing environment. Operation initially began on the HIS that has the largest amount of important data.

Results

There have been no signs of critical attacks which would result in actual damage. “Because we have started application from a comparatively safe domain, the results have been as expected; we believe that CTD will display its true value once we expand its range of application. Much like when the human body increases its own resistance after being infected with a virus, we feel that this setup creates an ‘immune system’ within our information system,” says Yamashita. Once full operation is underway, the hospital plans to share reports containing threat situations etc., internally in order to improve their staff’s risk awareness regarding targeted attacks.

What's Next

University of Fukui Hospital is also implementing measures to enhance security using a Software Defined Network (SDN) and OpenFlow Network.

Trend Micro™ Deep Discovery™ Inspector Virtual Appliance monitors the network, and a SDN/ OpenFlow controller reads the event logs that it provides. If suspicious communications are discovered, related network segments are blocked and isolated based on pre-configured policies. In the past, similar measures were carried out manually using an independently developed system; however, an SDN allows a swift response and decreases the operating burden of administrators.

In a medical institution that handles huge amounts of important information, even the smallest information leakage cannot be permitted. Because the Internet of Things (IoT), in which data is exchanged between equipment, is currently expanding, applying multiple layers of security measures, as University of Fukui Hospital has done, is extremely effective. “We expect further great proposals from Trend Micro to achieve security measures that are even more effective,” concludes Yamashita.